
Static Application Security Testing
What is Static Application Security Testing [SAST]?

Static Application Security Testing (SAST) is a technique for identifying security vulnerabilities by scanning an application's source code while it is static.

Scanning static code means the analysis runs on the code as it is written, i.e., without executing the code or the application. This lets code be reviewed piece by piece early in the development process, before the application is complete or launched.

SAST tools can be run each time code is submitted for review, or in the CI/CD (continuous integration and continuous deployment) pipeline when new versions of the software are pushed live. SAST tools recommend security improvements by identifying vulnerabilities such as unauthorized access risks, cyberattack risks, unsecured passkeys or API tokens, and outdated software packages.
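To show what "scanning code without running it" looks like in practice, here is an added, illustrative SAST-style checker written for this glossary entry; it is not Privado's scanner or any other product's code. It parses Python source into an abstract syntax tree and applies three simple rules: a string literal assigned to a credential-looking variable name (a hard-coded secret, the "unsecured API token" case above), a call to `eval`/`exec`, and a `subprocess` call with `shell=True`. The rule set, the variable-name pattern and the sample input are assumptions constructed for the example; a real tool carries far more rules and tracks data flow between functions.

```python
"""Minimal SAST-style checker: inspects Python source without executing it."""
import ast
import re
from dataclasses import dataclass

# Variable names that commonly hold credentials (assumption: illustrative list only).
SECRET_NAME_RE = re.compile(r"(password|passwd|secret|api_key|apikey|token)", re.IGNORECASE)
# Builtins that execute data as code at runtime; flagged as review items.
DANGEROUS_CALLS = {"eval", "exec"}


@dataclass(frozen=True)
class Finding:
    rule: str      # rule identifier, e.g. "hardcoded-secret"
    line: int      # 1-based line number in the scanned source
    detail: str    # human-readable explanation


def _call_name(node: ast.Call) -> str:
    """Return a dotted name for the callee, e.g. 'subprocess.run'."""
    parts = []
    func = node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def scan_source(source: str, filename: str = "<string>") -> list[Finding]:
    """Parse `source` into an AST and apply the rules; the code is never executed."""
    findings = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        # Rule 1: a string literal assigned to a credential-looking name.
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME_RE.search(target.id):
                    findings.append(Finding("hardcoded-secret", node.lineno,
                                            f"string literal assigned to '{target.id}'"))
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            # Rule 2: dynamic code execution.
            if name in DANGEROUS_CALLS:
                findings.append(Finding("dynamic-exec", node.lineno, f"call to {name}()"))
            # Rule 3: subprocess with shell=True (command-injection review point).
            elif name.startswith("subprocess.") and any(
                    kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True for kw in node.keywords):
                findings.append(Finding("shell-true", node.lineno, f"{name}(..., shell=True)"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample input for the demo; not code from any real project.
SAMPLE = '''\
import os
import subprocess

API_TOKEN = "sk-constructed-example-token"      # literal credential in source
db_password = os.environ.get("DB_PASSWORD")      # fine: read from the environment

def run(cmd):
    return subprocess.run(cmd, shell=True)       # shell=True with caller-supplied data

result = eval("1 + 1")
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE, "sample.py"):
        print(f"sample.py:{finding.line}: [{finding.rule}] {finding.detail}")
```

Running the module reports three findings on lines 4, 8 and 10 of the sample and nothing for line 5, because the value there is a call rather than a literal. Wiring `scan_source` over every changed file in a pre-commit hook or CI job, and failing the job on any finding, is the pipeline integration the paragraph above describes.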
